Security News
Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices.
The new features come from a partnership with security firm Avira, but they won't be free: They're part of a new package called HomeCare Pro. At CES 2020, router manufacturer TP-Link announced new security features for its Wi-Fi 6 routers.
Nearly 16,000 malware-infected MicroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.
Nearly 16,000 malware-infected MicroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. The international law enforcement agency Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine for cryptocurrency, as well as to raise awareness in the region of the threat posed by cryptojacking.
Multiple critical vulnerabilities in Ruckus Wi-Fi routers used throughout the world were disclosed at the 36th Chaos Communication Congress in Leipzig, Germany, held from December 27-30, 2019. Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, "I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication," he continued, "I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices."
Proof-of-concept exploits were recently made public by researchers for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. Miguel Méndez Zúñiga and Pablo Pollanco of Telefónica Chile recently disclosed the details of the vulnerabilities in a couple of blog posts published on Medium.
Remote attackers can easily compromise the device and pivot to move laterally through the LAN or WAN.
Talk about gone in a flash Video A pentad of bit boffins have devised a way to integrate electronic objects into augmented reality applications using their existing visible light sources, like...
Talk about gone in a flash Video A pentad of bit boffins have devised a way to integrate electronic objects into augmented reality applications using their existing visible light sources, like...
From stalkerware to Amazon Ring doorbell outrage, Threatpost editors break down the top news stories of the week.